US2011197253A1PendingUtilityA1
Method and System of Responding to Buffer Overflow Vulnerabilities
Assignee: COMODO SECURITY SOLUTIONS INCPriority: Feb 8, 2010Filed: Feb 8, 2010Published: Aug 11, 2011
Est. expiryFeb 8, 2030(~3.6 yrs left)· nominal 20-yr term from priority
Inventors:Egemen Tas
G06F 21/57G06F 21/554
34
PatentIndex Score
0
Cited by
0
References
0
Claims
Abstract
The application discloses a method of protecting a computer against buffer overflow attacks by creating a security policy based on information about the buffer overflow. This results in a dynamic and “on-the-fly” security policy that can be applied to an application to protect the computer. The application also discloses a method where the buffer overflow is reported to central server. The central server monitors the publisher to determine when a patch becomes available to remedy the problem. The server notifies the security software when a patch is available so that either the security software or computer user can download and install the patch.
Claims
exact text as granted — not AI-modified1 . A method of responding to a buffer overflow comprising:
a. Creating a security policy based on information obtained from a buffer overflow and b. Applying the security policy to the application causing the buffer overflow
2 . A method according to claim 1 , where the security policy restricts access to the file system for the application causing the buffer overflow.
3 . A method according to claim 1 , where the security policy is created by security software protecting a computer where the buffer overflow occurred.
4 . A method according to claim 1 , where the security policy is created by the security software based on the prior actions of the application causing the buffer overflow.
5 . A method according to claim 4 where the application causing the buffer overflow is restricted from accessing files not previously accessed.
6 . A method according to claim 5 where the application causing the buffer overflow is restricted from accessing registry entries not previously accessed.
7 . A method according to claim 1 where the security policy is removed after a patch for the application causing the buffer overflow is installed.
8 . A method according to claim 7 where the security policy is removed only if the patch information states that the patch corrects the buffer overflow.
9 . A method of responding to a buffer overflow comprising:
a. Sending information about a buffer overflow to a server, b. Checking a database to determine if a patch exists for the application causing the buffer overflow,
10 . A method according to claim 9 , further comprising creating a security policy if a patch does not exist.
11 . A method according to claim 9 , further comprising having a patch installed for the application causing the buffer overflow.
12 . A method according to claim 9 , further comprising having the server monitor a website associated with the application causing the buffer overflow.
13 . A method according to claim 12 , where security software is alerted when a patch becomes available.
14 . A method according to claim 12 , where the server maintains a list of computers that have reported a buffer overflow.
15 . A method according to claim 9 , further comprising having security software protecting a computer that experienced the buffer overflow monitor a website associated with the application causing the buffer overflow.
16 . further comprising having the server monitor a website associated with the application causing the buffer overflow.
17 . application's publisher's website patch installed for the application causing the buffer overflow.
18 . A system of responding to a buffer overflow vulnerability comprising:
a. Security software protecting a computer that experienced a buffer overflow problem b. A server c. A database of patches d. Means of a applying a patch after the server receives information about a buffer overflow vulnerability from the security software.
19 . A system according to claim 18 , further comprising means of communicating with a website associated with an application that caused a buffer.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.